HARDWARE BASED DETECTION DEVICES FOR DETECTING NETWORK TRAFFIC CONTENT AND METHODS OF USING THE SAME
First Claim
1. A method for detecting network traffic content, the method comprising:
- receiving one or more signatures, each of the one or more signatures associated with content desired to be detected;
compiling the one or more signatures into a byte stream executable by a processor to control operation of the processor in determining whether network traffic content matches content desired to be detected based on the compiled one or more signatures;
receiving network traffic content; and
processing the compiled one or more signatures and the network traffic content to determine whether the network traffic content matches the content desired to be detected as represented in the compiled one or more signatures;
wherein;
the processing is performed by a device that is a part of a firewall of a computer system;
the one or more signatures are received via a first input port at the device, and the data is received via a second input port at the device, the device having a housing, the first and second input ports associated with the housing, andat least one of the one or more signatures is codified using one or more predicates which prescribe one or more functions to be executed by the processor to detect the network traffic content.
0 Assignments
0 Petitions
Accused Products
Abstract
A device for detecting network traffic content is provided. The device includes a first input port configured to receive one or more signatures, each of the one or more signatures associated with content desired to be detected, a second input port configured to receive data associated with network traffic content. The device also includes a processor configured to process the one or more signatures and the data to determine whether the network traffic content matches the content desired to be detected, and an output port configured to couple the device to a computer system of an intended recipient of the network traffic content. The output port passes the network traffic content to the computer system when it is determined that the network traffic content does not match the content desired to be detected.
-
Citations
1 Claim
-
1. A method for detecting network traffic content, the method comprising:
-
receiving one or more signatures, each of the one or more signatures associated with content desired to be detected; compiling the one or more signatures into a byte stream executable by a processor to control operation of the processor in determining whether network traffic content matches content desired to be detected based on the compiled one or more signatures; receiving network traffic content; and processing the compiled one or more signatures and the network traffic content to determine whether the network traffic content matches the content desired to be detected as represented in the compiled one or more signatures; wherein; the processing is performed by a device that is a part of a firewall of a computer system; the one or more signatures are received via a first input port at the device, and the data is received via a second input port at the device, the device having a housing, the first and second input ports associated with the housing, and at least one of the one or more signatures is codified using one or more predicates which prescribe one or more functions to be executed by the processor to detect the network traffic content.
-
Specification
-
- Resources
-
Current AssigneeFortinet Inc.
-
Original AssigneeFortinet Inc.
-
InventorsXie, Michael
-
Granted Patent
-
Time in Patent OfficeDays
-
Field of Search
-
US Class Current1/1
-
CPC Class CodesH04L 43/04 Processing captured monitor...H04L 43/10 Active monitoring, e.g. hea...H04L 63/0236 Filtering by address, proto...H04L 63/0245 Filtering by information in...H04L 63/1416 Event detection, e.g. attac...H04L 63/1425 Traffic logging, e.g. anoma...H04L 63/1441 Countermeasures against mal...H04L 63/145 the attack involving the pr...
